Introduction

Formally called TSWeb, RD Web Access is Microsoft’s web portal solution that allows you to publish applications over the web using RD RemoteApp. Imagine when you have needed to open an Office document while at home, only to find you do not have the same version as you do at work. Or when you need to work on your Simply Accounting journal entries, but don’t have time to drive into the office. With RD Web, that isn’t a problem.

Obviously, this can be a great risk to your business. Allowing applications to run remotely from the web is only as secure as the password. Someone who is able to share, steal or circumvent a password can gain complete access to the application, and more importantly the data, pretending to be you.

One way to reduce this risk is to enforce a requirement for the user to prove their identity through strong two-factor authentication (2FA). And this is where AuthAnvil Two Factor Auth comes in.

When a user browses to the RD Web Portal, they are confronted with their typical domain credentials along with a request for their next AuthAnvil passcode. In this way, you can gain the benefit of identity assurance while at the same time using the same business workflow as you have before for RD Web Access. Below is a picture showing this in action:

Of course, our RDWeb Logon Agent also has the ability of using risk based authentication decisions. You can selectively decide if certain users can gain access without the need of an AuthAnvil Two Factor Auth credential. In this way, you have the fine grained control that you need to roll out strong authentication to your remote users in a staged manner.

Configuring RD Web Access to support AuthAnvil Two Factor Authentication

Note: Before attempting this integration ensure all configuration files are first backed up.

Note: The RDWeb Logon Agent will automatically strip the domain portion of the username before attempting an AuthAnvil authentication, meaning that the domain will not affect authentication. ie. “DOMAIN\username” will authenticate to AuthAnvil 2FA as “username”.